Fortigate

Connecting the Fortigate

In order to connect the Fortigate to the network:

  • Ensure the modem or other ISP provided equipment is in bridge mode. Anyone familiar with the local network setup will be able to assist with this.
  • Note: If the IP address is static, it will be necessary to load this information into the Fortigate.
  • Connect the router to the modem provided by the ISP, ensuring that it is the only device connected. All other devices will connect to the router or a switch connected to the router.
  • In most cases the router can be accessed locally at 192.168.1.99

Configuring Address and Service Object

  • Navigate to Policy & Objects
  • Scroll down and select the option Addresses
  • Fill in the options below like so:
    • Name: Cytracom
    • Color: blue [optional]
    • Type: IP Range
    • Subnet/IP Range: 209.105.249.194-209.105.249.252
    • Interface: Any
    • Show in Address List: (checked)
    • Comments: Cytracom VoIP [optional]
  • Adding a Tag is optional
  • Then hit OK at the bottom to save

fortigate_AddressObject.PNG

  • Then to create a service object navigate to Policy & Objects
  • Scroll down and select the option Services
  • Fill in the options below like so:
    • Name: Cytracom
    • Comments: VoIP Service [optional]
    • Color: Blue [optional]
    • Show in Service List: (checked)
    • Category: VoIP, Messaging & Other Applications
    • Protocol Type: TCP/UDP/SCTP
    • Address: IP Range -> 209.105.249.194-209.105.249.252
    • Destination Port
      • TCP 5060 - 5061
      • TCP 10000 - 30000
      • UDP 5060 - 5062
      • UDP 10000 - 30000
    • Specify Source Ports: (un-checked)
  • Then hit OK at the bottom to save

fortigate_Cytracom_service.png

Creating Incoming and Outgoing Policies

  • Then to create an Inbound and Outbound Policy navigate to Policy & Objects
  • Scroll down and select the option IPv4 Policy
  • Fill in the options below for the Inbound rule like so:
    • Name: Cytracom [Optional]
    • Incoming Interface: WAN
    • Outgoing Interface: LAN
    • Source: Cytracom
    • Destination: all
    • Schedule: always
    • Service: Cytracom
    • Action: ACCEPT
    • NAT: On [toggled]
    • IP Pool Configuration: Use Outgoing Interface Address
    • Log Allowed Traffic: Enabled (optional)
    • Enable this policy: On [toggled]

fortigate_PolicyIncoming.PNG

  • Fill in the options below for the Outbound rule like so:
    • Name: Cytracom [Optional]
    • Incoming Interface: LAN
    • Outgoing Interface: WAN
    • Source: all
    • Destination: Cytracom
    • Schedule: always
    • Service: all
    • Action: ACCEPT
    • NAT: On [toggled]
    • IP Pool Configuration: Use Outgoing Interface Address
    • Log Allowed Traffic: Enabled (optional)
    • Enable this Policy: On [toggled]

fortigate_PolicyOutgoing.PNG

  • To create a traffic shaper navigate to Policy & Objects
  • Scroll down and select the option Traffic Shapers
  • Click the option to add new
  • Fill in the options below for the Traffic Shaper like so:
    • Type: [Shared]
    • Name: "Cytracom" [optional]
    • Traffic Priority: [Selection: High]
    • Guaranteed Bandwidth: [90kbps multiplied by the number of phones on the network]
  • Scroll to the bottom and select OK to save

fortigate_trafficShaper.png

  • Then to create a Traffic Shaping Policy navigate to Policy & Objects
  • Scroll down and select the option Traffic Shaping Policy
  • Click the option to add new
  • Fill in the options below for the Traffic Shaping Policy like so:
    • Status: Enabled
    • Source: Cytracom
    • Destination: All
    • Service: Cytracom
    • Outgoing Interface
    • Shared Shaper: Enabled [Selection: Cytracom]
  • Scroll to the bottom and select OK to save

fortigate_ShapingPolicy.png

DNS and Web Filter

fortigate_dnsfilter.png

-----

fortigate_webfilter.png

Open the Terminal and input these commands via Putty or the built in Command Line to setup the desired options.

Setting UDP Timeout to desired value for SIP:

CLI_UDP_timeout.png

Disabling SIP ALG:

CLI_SIP_ALG_1.png

CLI_SIP_ALG_2.png

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request